Similar literature
 Found 20 similar documents; search took 140 ms
1.
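Array bounds checking in PCC has the problem that, because the range of the symbolic value of an array subscript expression cannot be determined, some safe mobile code is refused execution. This paper presents an optimization and generation algorithm for array bounds checks that not only addresses this problem well but also generates the condition predicates in loop-invariant annotations. The compiler we designed, a certifying compiler, implements these algorithms and completes compilation from source programs written in a type-safe subset of the C programming language to annotated Intel x86/Linux assembly language programs. Because proofs in a language-based security policy system are built on annotated code, the algorithms implemented in this certifying compiler are very useful for mobile code safety checking.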

2.
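Design and implementation of a certifying compiler based on type annotations   Total citations: 2, self-citations: 0, citations by others: 2
A certifying compiler based on type annotations is the core component of a security policy system. It not only compiles programs written in a type-safe subset of C into optimized Intel x86/Linux assembly language programs, but also produces annotated assembly programs as required by the type-safety policy. Experimental results show that the newly designed certifying compiler provides: (1) compilation of a type-safe subset of C; (2) many standard local optimizations; (3) checking of run-time out-of-bounds array operations. Because proofs in the security policy system are built on annotated code, this certifying compiler is very useful for mobile code safety checking.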

3.
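Research on mobile code encryption theory   Total citations: 4, self-citations: 0, citations by others: 4
"How to protect mobile code from tampering by node hosts" is a hard problem in research on security mechanisms for mobile agents and active networks. Tamper-resistant hardware protection has traditionally been used, while purely software-based protection grounded in cryptography has been little studied. The paper surveys the state of research on such methods and focuses on the background from which mobile code encryption theory arose, its basis in blind computation theory, its differences from traditional encryption theory, and the problems the theory currently has. It proposes the concept of object-oriented encryption theory and points out future research directions and potential application areas.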

4.
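Static security checking techniques for C source code   Total citations: 4, self-citations: 0, citations by others: 4
Security checking of source code means finding potential security defects by analyzing the source program before the program runs. This paper analyzes the security problems that can be found in C source programs, introduces current techniques and methods for static code security checking and the difficulties they face, and finally offers some suggestions for improving program security.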

5.
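Safe execution of untrusted code is one of the important problems in mobile code security. The model-carrying code (MCC) approach considers both the producer and the consumer of mobile code and provides a systematic, comprehensive and effective solution for safely executing untrusted code. The approach mainly comprises defining security policies, generating a security behavior model, verifying that model, and enforcing the security policy. For the widely used Java platform, based on an in-depth analysis of its access-control-based security architecture, the paper proposes a method, built by modifying and extending the Java core classes, that can add new security policies and implement the security behavior model verification of the MCC approach. This offers a feasible way to improve the expressive power of Java security policies, to implement the MCC approach on the Java platform, and to ensure a more comprehensive security mechanism.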

6.
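Applications on the Android platform are highly susceptible to attack by viruses or malware; besides the platform being open-source and open, weak protection of the mobile application's own code is also a major factor. To address this problem, with Android applications as the research subject, the paper analyzes the mobile application security threat model and code security requirements, and studies the mechanisms, advantages and disadvantages of code protection techniques such as code obfuscation, code hiding, code encryption and code signing. An analysis engine for Android application code protection techniques is designed and implemented, and the experimental data are analyzed and summarized. The results show that in samples of every size and type a certain proportion of applications have weak code protection; in particular, the smaller the application, the weaker its code protection, which makes such applications extremely easy to attack maliciously.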

7.
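The paper first dissects the computation process of mobile code, on that basis discusses the security mechanisms applied to mobile code in its generation environment and execution environment, and analyzes the security of mobile code from the perspective of language levels.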

8.
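Based on ABLP trust logic, a new form of stack inspection, security-passing style, is proposed, and taking Java as an example the method is applied to mobile code systems. Security-passing style needs no special hardware or language run-time support; when trusted and untrusted code run together, it can capture the complex relationships between the two and effectively address the security problems of mobile code.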

9.
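Security is an important topic in the development of mobile agent technology applications. Traditional distributed system security techniques cannot fully accommodate mobile agent systems. This paper gives a brief introduction to and classification of the problem of protecting mobile code, and introduces recent international research results in the field.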

10.
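This paper introduces several aspects that network security should consider, with emphasis on the security problems in mobile code. It analyzes their basic principles and introduces two remedies: proof-carrying code and history-based access control.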

11.
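Chen Tao, Chen Yiyun, Computer Engineering, 2004, 30(7): 106-107, 156
Introduces a method for security checking of machine language under the guidance of a security policy language. It uses programming-language-based theory and implementation techniques, and checks programs by analyzing features such as program semantics and system calls. The security policy language provides a flexible, uniform means of describing security; it is hoped that this approach of separating the implementation mechanism of security checking from the content checked can give other researchers a useful reference.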

12.
Proof-carrying code (PCC) is a technique for downloading mobile code on a host machine while ensuring that the code adheres to the host's safety policy. We show how certified abstract interpretation can be used to build a PCC architecture where the code producer can produce program certificates automatically. Code consumers use proof checkers derived from certified analysers to check certificates. Proof checkers carry their own correctness proofs and accepting a new proof checker amounts to type checking the checker in Coq. Certificates take the form of strategies for reconstructing a fixpoint and are kept small due to a technique for fixpoint compression. The PCC architecture has been implemented and evaluated experimentally on a byte code language for which we have designed an interval analysis that allows generating certificates ascertaining that no array-out-of-bounds accesses will occur.

13.
A certifying compiler takes a source language program and produces object code, as well as a certificate that can be used to verify that the object code satisfies desirable properties, such as type safety and memory safety. Certifying compilation helps to increase both compiler robustness and program safety. Compiler robustness is improved since some compiler errors can be caught by checking the object code against the certificate immediately after compilation. Program safety is improved because the object code and certificate alone are sufficient to establish safety: even if the object code and certificate are produced on an unknown machine by an unknown compiler and sent over an untrusted network, safe execution is guaranteed as long as the code and certificate pass the verifier. Existing work in certifying compilation has addressed statically generated code. In this paper, we extend this to code generated at run time. Our goal is to combine certifying compilation with run-time code generation to produce programs that are both fast and verifiably safe. To achieve this goal, we present two new languages with explicit run-time code generation constructs: Cyclone, a type safe dialect of C, and TAL/T, a type safe assembly language. We have designed and implemented a system that translates a safe C program into Cyclone, which is then compiled to TAL/T, and finally assembled into executable object code. This paper focuses on our overall approach and the front end of our system; details about TAL/T will appear in a subsequent paper.

14.
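Applying certifying compilation to the security of mobile code is an approach that has only recently begun to be studied internationally. Its most notable feature is that the main task of ensuring that the security policy is satisfied shifts from the code consumer to the code producer, which effectively addresses the excessive run-time burden on the code consumer. In addition, it verifies the code itself rather than the identity of the code producer, so it is more trustworthy and can support anonymous code. This paper analyzes the technique, from which it can be seen that supporting higher levels of security is the key to its wider adoption; with this need in mind, the paper also introduces our planned work along the way, to share with peers.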

15.
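Han Hao, Mao Bing, Xie Li, Computer Engineering, 2012, 38(4): 122-125
Based on the attack principles of return-oriented programming (ROP) attacks and their variants, a dynamic run-time detection system for ROP attacks is designed. The system comprises 2 stages: static instrumentation and dynamic run-time monitoring. Static instrumentation equips the program under test with analysis code; the dynamic run uses ret integrity checking, call integrity checking and jmp integrity checking to analyze the program's control flow and data flow and determine whether a ROP attack is taking place. Experimental results show that the method can fully detect ROP malicious code.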

16.
Static Single Assignment (SSA) form is often used as an intermediate representation during code optimization in Java Virtual Machines. Recently, SSA has successfully been used for bytecode verification. However, constructing SSA at the code consumer is costly. SSA-based mobile code transport formats have been shown to eliminate this cost by shifting SSA creation to the code producer. These new formats, however, are not backward compatible with the established Java class-file format. We propose a novel approach to transport SSA information implicitly through structural code properties of standard Java bytecode. While the resulting bytecode sequence can still be directly executed by traditional Virtual Machines, our novel VM can infer SSA form and confirm its safety with virtually no overhead.

17.
This paper proposes a new proof-based approach to safe evolution of distributed software systems. Specifically, it extends the simple certification mechanism of proof-carrying code (PCC) to make it interactive and probabilistic, thereby devising interactive proof-carrying code (iPCC). With iPCC, a code consumer is convinced, with overwhelming probability, of the existence and validity of a safety proof of a transmitted code through interaction with a code producer. The iPCC mechanism theoretically solves the problem of proof explosion with PCC and can be used to efficiently prove a greater variety of safety properties that may require longer proofs. Technically, the class (PSPACE) of safety properties that are efficiently provable by iPCC is larger than the class (NP) efficiently provable by PCC. To illustrate the power of iPCC, this paper demonstrates that the verification of certain basic safety properties of typical machine instruction codes needs co-NP-complete computation, and shows how these safety properties can be efficiently verified by the iPCC mechanism. This is an extended and revised version of Tsukada (2001a), which appeared in the Proceedings of the 2000 International Symposium on Principles of Software Evolution. A preliminary version was also presented at the International Conference on Advances in Infrastructure for Electronic Business, Science, and Education on the Internet (Tsukada, 2001b).

18.
Portable mobile code is often executed by a host virtual machine using just-in-time compilation. In this context, the compilation time in the host virtual machine is critical. This compilation time can be reduced if optimizations are performed ahead-of-time before distribution of the mobile code. Unfortunately, the portable nature of mobile code limits ahead-of-time optimizations to those that are machine-independent. This work examines the effect of machine-independent optimizations on the performance of mobile code applications. All experiments use the SafeTSA Format, a mobile code format that is based on Static Single Assignment Form (SSA Form). The experiments, which are performed on both the PowerPC and IA32 architectures, indicate that the effects of performing classical machine-independent optimizations are—in fact—quite machine-dependent. Nevertheless, the results demonstrate that applying such optimizations in a mobile code system can be beneficial. Copyright © 2009 John Wiley & Sons, Ltd.

19.
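Xu Tong, Computer and Information Technology, 2011, 19(3): 62-63, 69
Mobile phone 2D codes are the product of combining two-dimensional barcodes with wireless mobile terminals. On the one hand they have the characteristics of two-dimensional barcodes; on the other, they use the mobile network to deliver value-added mobile phone services. The article describes the current state of development of mobile phone 2D codes in China and successful application cases.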

20.
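Studies and designs a framework for a source code vulnerability analysis and detection tool based on program analysis. The framework's modules include control flow analysis (construction of the control flow graph, implementation of the function call graph, intraprocedural and interprocedural analysis, etc.), data flow analysis (computing definition-use chains, design of tainted data propagation, pointer alias analysis), a structure analyzer, a security scheduler and a rule builder. The paper describes the two stages of code analysis in some detail and explains the main intraprocedural and interprocedural analysis algorithms adopted.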
